The EU’s police office, Europol, is currently drawing up a report – the Serious Organised Crime Threat Assessment (SOCTA) – that will inform „political priorities, strategic goals and operational action plans“ from 2013 to 2017, as part of the EU Policy Cycle on serious and organised crime. However, documents outlining the way in which Europol puts the report together indicate that the agency is willing to make use of data that, judged by its own assessment methods, is to be considered „not confirmed“.

The Policy Cycle is aimed at increasing joint law enforcement operations in eight different priority areas through the drafting and execution of ‚Operational Action Plans‘ involving Member States police forces, customs agencies and border guards, and EU agencies and institutions. The current priorities are: West Africa, Western Balkans, illegal immigration, synthetic drugs, container shipments, trafficking in human beings, mobile (itinerant) organised crime groups, and cybercrime, and Europol’s 2011 Organised Crime Threat Assessment (OCTA) played a significant role in establishing where European law enforcement authorities should focus their efforts.

OCTA’s successor, the SOCTA, will do the same for the „full“ policy cycle, from 2013 to 2017. A document outlining the SOCTA’s methodology shows the significant amount of data and analysis that goes into the report. But what kind of data gets used?

Dodgy data?

Information obtained by Europol is analysed using the „4×4″ system, a method generally accepted by police forces across the Member States. This is based on four source codes:

“ A – where there is no doubt of the authenticity, trustworthiness and competence of the source, or if the information is supplied by a source who, in the past, has proved to be reliable in all instances;
“ B – source from whom information received has in most instances proved to be reliable;
“ C – source from whom information received has in most instances proved to be unreliable;
“ X – the reliability of the source cannot be assessed.

The source codes sit alongside four information codes:

“ 1 – information whose accuracy is not in doubt;
“ 2 – information known personally to the source but not known personally to the official passing it on;
“ 3 – information not known personally to the source but corroborated by other information already recorded;
“ 4 – information which is not known personally to the source and cannot be corroborated.

The source codes and information codes are cross-referenced via a table so that each piece of information is given a rating – A1 being the best (where the authenticity, trustworthiness and competence of the source and the accuracy of their information is not in doubt), and X4 being the worst (where the source’s reliability cannot be assessed, and the information they provide is not known personally to them and cannot be corroborated). A1, A2, B1, B2 all count as „confirmed information“ – anything else is „unconfirmed information“.

However, Europol does not use this method to assess all the data it receives. Some partners are considered trustworthy enough that information they supply is already considered to be of the highest quality, and automatically graded as such. This includes:

“ Europol information: A1
“ MS information: A1 (an exception can be made if there is explicit reason to lower the status of the source and/or information e.g. investigation is ongoing and not all information is confirmed);
“ Information from EU institutions (Eurojust, FRONTEX, …): A1;

Other sources are more closely examined: „the status of information from grey literature and other open sources can be anything between A1 and X4,“ and no sources are „immediately discarded, except for suspicious sources, tabloid press articles or similar.“

While this checking process makes it possible for the agency to dispense with information deemed to be unreliable, it would seem that the automatic acceptance of information from Member States and EU agencies provides a way for unsubstantiated or unreliable data to become accepted as ‚A1‘ quality at European level. Europol has no powers to examine whether assessment processes at national level or in EU agencies meet the required standards.

Meanwhile, in drawing up the SOCTA, it seems that the agency is happy to make use of source material that does not even meet its standards for „confirmed information.“

Although its own information booklet says that A1, A2, B1 and B2 are all „confirmed information“, the SOCTA methodology says that „the information that can be used for the SOCTA should have an evaluation of B3 or higher.“

Data graded as A3 (the source does not know the information personally, but the authenticity, trustworthiness and competence of the source is not in doubt and their information is corroborated by other sources) or B3 (information not known personally to the source but it is corroborated by other information already recorded, and the source has in most instances proven to be reliable) can therefore be used in drawing up the document’s „threat assessments“, which will form the basis for coordinated operational action by Member State police forces and EU agencies.

The handling codes are also used for „contacts and associates“ of the „suspect“, casting a very wide net for the intelligence gathered, processed and passed on.